Forum Discussion
SharePoint Communication Sites - "Send by email" settings
This is a HUGE SECURITY FLAW. Why is Microsoft not addressing this????
Did you ever get a solution, to this problem, in Sharepoint 365?
It is a major flaw!
Regards,
Dan
Really? How?
Because this 'feature' that you cannot disable (without a hack or creating your own page type) literally parses the page and adds a snippet of the content to the email bypassing all security in place. I understand that as a user they can simply copy and paste the contents a of page and email them, but that requires effort and a strong understanding of what they are doing as well as giving the end user a chance to filter and/or remove content.
What if your sharing the page with an external user? Now they can just click the button, enter an email address... any email address, and send content from your page to anyone. Its pretty amazing that this hasn't been addressed yet.
I have built a small web-part that can be put an a modern page and offers the ability to hide some predefined elements (Office 365 Launcher Bar, Share Site, Send by Email, and the Footer) as well as adding any other elements which can be selected using a querySelector query. Anyone is welcome to use and/or modify it.
https://github.com/fuzion9/spfxExternalSiteShareCleaner
